summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2022-02-21 21:26:35 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2022-02-21 21:26:35 +0100
commit973afc28dcd0a16fad97f929e6fbe9de842951b7 (patch)
tree6f4ff85b9d9a78e45cbc56198062bd7b3fb0e0a6
parent493845e89d6d4d8c49b676e9b86552253b3e36bd (diff)
Add CVE-2022-0691/node-url-parse
-rw-r--r--data/CVE/2022.list4
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 9340ecc4c9..09aaf6c9be 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -551,7 +551,9 @@ CVE-2022-0693
CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
NOT-FOR-US: alltube
CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- TODO: check
+ - node-url-parse 1.5.9+~1.4.8-1
+ NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
+ NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
CVE-2022-25369
RESERVED
CVE-2022-25368

© 2014-2024 Faster IT GmbH | imprint | privacy policy